search cancel

Certificate support for DDF sign-on

book

Article ID: 257601

calendar_today

Updated On:

Products

ACF2 - DB2 Option

Issue/Introduction

Are certificates instead of passwords supported for DDF users of ACF2 for DB2?

Environment

Release : 1.3

Resolution

From the security standpoint, certificates can be used for system entry validation for DDF users of ACF2 for DB2. 

There are two ways for application to perform this authentication using any ESM (ACF2/Top Secret/RACF):

  • initACEE (IRRSIA00)
  • RACROUTE REQUEST=VERIFY ENVIR=CREATE X500NAME=X500 name pair addr 

Depending on what application is being used to connect to db2 using DDF, it is up to the application to make the security call and pass digital certificate as identification.

Next, ESM will search the security database for a matching certificate's serial number and issuer's distinguished name, if no match is found, initACEE attempts to locate an appropriate certificate name filter(ACF2 and Top Secret CERTMAP record, RACF RACDCERT MAP) by searching using a series of full and partial distinguished names until the most specific matching filter is found.